Does Blue Jeans support ADFS and/or SSO provisioning?

  • 1
  • Question
  • Updated 4 years ago
What tools do Admins have to manage a Blue Jeans deployment in the pilot or post-buy phase? 
Photo of Richard Yan

Richard Yan

  • 74 Points

Posted 4 years ago

  • 1
Photo of Community Team

Community Team, Community Admin

  • 5,652 Points 5k badge 2x thumb
Admins can provision users the below methods:
  1. Manual
  2. Invite Users (multiple)
  3. SAML SSO (IE company.bluejeans.com| recommended
  4. Auto-Domain Approval via custom landing page (IE company.bluejeans.com) | recommended
  5. Bulk upload  | recommended
Regarding SAML SSO

Blue Jeans uses the secure and widely adopted industry standard Security Assertion Markup Language (SAML), which means our implementation of SSO integrates easily with any large identity provider that supports SAML. If you've built your own SAML-­based federated authentication process, we integrate with that too. We support service­-provider-initiated SAML and identity­-provider-initiated SAML.
How do I enable single sign-on (SSO) with my Blue Jeans service?
See detailed instructions on Enabling Single Sign On for Enterprise Groups (SAML). The following identity providers are officially supported:

  • Ping Identity
  • Shibboleth 

SAML Frequently Asked Questions
What version of SAML does Blue Jeans support?

Blue Jeans supports SAML version 2.0.

What SAML profiles does Blue Jeans support?

Blue Jeans supports Service Provider (SP) Initiated and Identity Provider (IdP) Initiated profiles.

What binding methods does the Blue Jeans SAML implementation use?

The binding method that is used is: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.

Where can I obtain the SAML metadata?

The SAML Metadata contents can be read at: http://bluejeans.com/support/saml-metadata.xml

What do the optional configuration steps represent?

Password Change URL: This is the URL to your Identity Provider may, or may not, provide that allows changing the user’s password.  Users will be taken to the configured URL upon clicking the “Password Settings” option in their account settings page.

Log Out URL: The log out URL is a landing page that a user will be directed to upon successfully being logged out of Blue Jeans.  It is not a Single Log Out URL.

Where do users go to log in via SAML?

For a Service Provider Initiated profile, end users will go to their Blue Jeans Enterprise Landing Page.

Example:  http://<company_domain>.bluejea...

For an Identity Provider (IdP) Initiated profile, end users will simply log into the IdP first, followed by selecting the Blue Jeans service from the IdP’s service menu.

What can I do if I accidently misconfigured my SAML settings and can’t log in anymore?

In this case, you can still log in with your original credentials by going to http://bluejeans .com.

Why don’t I see the SAML option in the Admin Security tab?

This is likely due to not having a Blue Jeans Enterprise Landing Page enabled.  Check to see if you have a landing page by entering http://<your_domain>.bluejeans.com into your browser.  If the main Blue Jeans webpage loads, you do not have a landing page enabled.  Please contact your account manager to have it enabled.

What Identity Providers does Blue Jeans support?

We support any SAML 2.0 compatible identity provider.  In addition to the IdPs listed above, some of the known IdPs that we have successfully deployed SAML with are:


Does Blue Jeans support Single Log Out?

Not at this time, but it is being considered for our roadmap.  Please let us know if this is something that is critical to your deployment of services within your organization.

The current log out URL that is offered in the configuration is simply represents the landing page to direct the user to after a successful logout from the Blue Jeans Web App is performed.


(Edited)
Photo of Sandy

Sandy

  • 396 Points 250 badge 2x thumb
We implemented the SSO using ADFS here. I can connect you with our developer who did the work if you like. The only thing that is confusing for some is what they should do if they use bluejeans from a computer that is not on the domain. You still can hit the landing page but must authenticate with your AD username and password. Our users can't always understand this concept but it works well.